
Side by Side Diff: core/src/fpdfapi/fpdf_render/fpdf_render_image.cpp

Issue 1007643002: Fix potential integer overflow in fpdf_render_image.cpp (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 5 years, 9 months ago
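--- a/core/src/fpdfapi/fpdf_render/fpdf_render_image.cpp
+++ b/core/src/fpdfapi/fpdf_render/fpdf_render_image.cpp
@@ -1,21 +1,22 @@
 // Copyright 2014 PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
 
 #include "../../../include/fxge/fx_ge.h"
 #include "../../../include/fxcodec/fx_codec.h"
 #include "../../../include/fpdfapi/fpdf_module.h"
 #include "../../../include/fpdfapi/fpdf_render.h"
 #include "../../../include/fpdfapi/fpdf_pageobj.h"
+#include "../../fxcrt/fx_safe_types.h"
 #include "../fpdf_page/pageint.h"
 #include "render_int.h"
 FX_BOOL CPDF_RenderStatus::ProcessImage(CPDF_ImageObject* pImageObj, const CFX_A ffineMatrix* pObj2Device)
 {
 CPDF_ImageRenderer render;
 if (render.Start(this, pImageObj, pObj2Device, m_bStdCS, m_curBlend)) {
 render.Continue(NULL);
 }
 return render.m_Result;
 }
@@ -1000,27 +1001,32 @@
 FX_ARGB back_color = 0xff000000;
 if (pBC) {
 CPDF_Dictionary* pDict = pGroup->GetDict();
 if (pDict && pDict->GetDict(FX_BSTRC("Group")))
 pCSObj = pDict->GetDict(FX_BSTRC("Group"))->GetElementValue(FX_B STRC("CS"));
 else
 pCSObj = NULL;
 pCS = m_pContext->m_pDocument->LoadColorSpace(pCSObj);
 if (pCS) {
 FX_FLOAT R, G, B;
-FX_DWORD num_floats = 8;
-if (pCS->CountComponents() > (FX_INT32)num_floats) {
-num_floats = (FX_DWORD)pCS->CountComponents();
+FX_DWORD comps = 8;
+if (pCS->CountComponents() > static_cast<FX_INT32>(comps)) {
+comps = (FX_DWORD)pCS->CountComponents();
 }
-CFX_FixedBufGrow<FX_FLOAT, 8> float_array(num_floats);
+CFX_FixedBufGrow<FX_FLOAT, 8> float_array(comps);
 FX_FLOAT* pFloats = float_array;
-FXSYS_memset32(pFloats, 0, num_floats * sizeof(FX_FLOAT));
+FX_SAFE_DWORD num_floats = comps;
+num_floats *= sizeof(FX_FLOAT);
+if (!num_floats.IsValid()) {
+return NULL;
+}
+FXSYS_memset32(pFloats, 0, num_floats.ValueOrDie());
 int count = pBC->GetCount() > 8 ? 8 : pBC->GetCount();
 for (int i = 0; i < count; i ++) {
 pFloats[i] = pBC->GetNumber(i);
 }
 pCS->GetRGB(pFloats, R, G, B);
 back_color = 0xff000000 | ((FX_INT32)(R * 255) << 16) | ((FX_INT 32)(G * 255) << 8) | (FX_INT32)(B * 255);
 m_pContext->m_pDocument->GetPageData()->ReleaseColorSpace(pCSObj );
 }
 }
 bitmap.Clear(back_color);
@@ -1077,10 +1083,10 @@
 }
 } else {
 FXSYS_memcpy32(dest_buf, src_buf, dest_pitch * height);
 }
 if (pFunc) {
 delete pFunc;
 }
 FX_Free(pTransfer);
 return pMask;
 }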
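Review bot: The new `return NULL;` at new line 1020 exits between `LoadColorSpace(pCSObj)` (new line 1008) and `ReleaseColorSpace(pCSObj)` (new line 1029), so the overflow path never releases the color space it just loaded. The function starts outside the visible lines, so anything it acquired earlier would also be skipped on this path. Releasing before the return keeps the error path balanced: `m_pContext->m_pDocument->GetPageData()->ReleaseColorSpace(pCSObj); return NULL;`. The check also runs after `float_array(comps)` has been constructed from the unchecked component count; if `CFX_FixedBufGrow` (not shown here) does not validate its own size computation, the guard should move ahead of that declaration so the buffer is never sized from a count that fails the check.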
